diff options
| author | keramida <keramida@FreeBSD.org> | 2002-12-07 23:37:44 +0000 |
|---|---|---|
| committer | keramida <keramida@FreeBSD.org> | 2002-12-07 23:37:44 +0000 |
| commit | f973c892f02c9b9d8632f8a998cad3561c2aed82 (patch) | |
| tree | a36b369e264e058212f540a3688cf59e2b033527 | |
| parent | 23261cad9face21241c2c9d8d9b3a6a5debda31e (diff) | |
| download | FreeBSD-src-f973c892f02c9b9d8632f8a998cad3561c2aed82.zip FreeBSD-src-f973c892f02c9b9d8632f8a998cad3561c2aed82.tar.gz | |
Avoid using perl in the periodic & security scripts. This brings the
base system one step closer to being totally perl-free.
Approved by: re (jhb)
| -rwxr-xr-x | etc/periodic/daily/440.status-mailq | 4 | ||||
| -rwxr-xr-x | etc/periodic/daily/460.status-mail-rejects | 5 | ||||
| -rwxr-xr-x | etc/periodic/daily/470.status-named | 48 | ||||
| -rwxr-xr-x | etc/periodic/security/550.ipfwlimit | 6 | ||||
| -rwxr-xr-x | etc/periodic/security/650.ip6fwlimit | 6 |
5 files changed, 37 insertions, 32 deletions
diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq index 90869d8..0aad053 100755 --- a/etc/periodic/daily/440.status-mailq +++ b/etc/periodic/daily/440.status-mailq @@ -25,7 +25,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | @@ -45,7 +45,7 @@ case "$daily_status_mailq_enable" in rc=$(case "$daily_status_mailq_shorten" in [Yy][Ee][Ss]) mailq -Ac | - perl -ne 'print if /^\s+\S+@/' | + egrep -e '^[[:space:]]+[^[:space:]]+@' | sort | uniq -c | sort -nr | diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects index 1c7f071..596af49 100755 --- a/etc/periodic/daily/460.status-mail-rejects +++ b/etc/periodic/daily/460.status-mail-rejects @@ -51,8 +51,9 @@ case "$daily_status_mail_rejects_enable" in done cat /var/log/maillog } | - perl -ne "print \"\$2\n\" - if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | + fgrep 'reject=' | + egrep -e "^$start.*ruleset=check_[^[:space:]]+,[[:space:]]+arg1=(<[^@]+@)?([^>,]+).*reject=.*" | + sed -e 's/.*arg1=//' -e 's/.*@//' -e 's/[>[:space:]].*$//' | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi;; diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named index 3050747..795c18c 100755 --- a/etc/periodic/daily/470.status-named +++ b/etc/periodic/daily/470.status-named @@ -25,30 +25,30 @@ case "$daily_status_named_enable" in start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` rc=$(catmsgs | - perl -ne 'print "$2 from $1\n" - if (/^'"$start"'.*named\[\d+\]: denied [AI]XFR from \[(.*)\]\.\d+ for "(.*)"/);' | - sort -f | uniq -ic | - perl -e ' - use Socket; - - while (<STDIN>) { - if (/^.*from (.*)$/) { - $ip_addr = $1; - chomp; - if ($ARGV[0] =~ /^yes$/i) { - ($host) = gethostbyaddr(inet_aton($ip_addr), AF_INET); - } else { - $host = ""; - } - - if ($host) { - print "$_ ($host)\n"; - } else { - print "$_\n"; - } - } - } - ' $daily_status_named_usedns | tee /dev/stderr | wc -l) + fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \ + sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/' + sort -f | uniq -ic | ( + usedns=0 + if [ X"${daily_status_named_usedns}" != X"" ]; then + case $daily_status_named_usedns in + [yY][eE][sS]) usedns=1 ;; + esac + fi + + while read line ;do + ipaddr=`echo "$line" | sed -e 's/^.*from //'` + if [ $usedns -eq 1 ]; then + name=`host "${ipaddr}" 2>/dev/null | \ + grep 'domain name pointer' | \ + sed -e 's/^.* //'` + fi + if [ X"${name}" != X"" ]; then + echo "${line} (${name})" + else + echo "${line}" + fi + done ) | \ + tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 ;; diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit index 653dcf1..d033645 100755 --- a/etc/periodic/security/550.ipfwlimit +++ b/etc/periodic/security/550.ipfwlimit @@ -45,8 +45,10 @@ case "$daily_status_security_ipfwlimit_enable" in TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + ipfw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" diff --git a/etc/periodic/security/650.ip6fwlimit b/etc/periodic/security/650.ip6fwlimit index 3a19c99..56cdf28 100755 --- a/etc/periodic/security/650.ip6fwlimit +++ b/etc/periodic/security/650.ip6fwlimit @@ -45,8 +45,10 @@ case "$daily_status_security_ip6fwlimit_enable" in TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then - ip6fw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP} + ip6fw -a l | grep " log " | \ + grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ + awk -v limit="$IPFW_LOG_LIMIT" \ + '{if ($2 > limit) {print $0}}' > ${TMP} if [ -s "${TMP}" ]; then rc=1 echo "" |
